Expand my Community achievements bar.

How to set rep:impersonators property on a user

Avatar

Level 4

Hi All,

I am using AEM 6.3 & I have a use case where User A needs to be setup as impersonator on user B using api code. In order to achieve this, I need to setup rep:impersonators property on user B.

I have tried couple of options but none of these seems to be setting this property on user:

1. Added User A to user-administrators group and then tried to call grantimpersonators method on user B using user A but it always returns false.

2. Created a system user and added it to users-administrators group and then using user session tried to set rep:impersonators property on user B. But this also does not work

Can you please assist on how can I setup the impersonators property on any user using api and what are the prerequisites in order to be able to add this property successfully.

THanks,
Rajeev

6 Replies

Avatar

Level 10

WHat API are you using to perform this use case?

Avatar

Level 4

smacdonald2008​: Below are the 3 options that we tried:

Scenario 1:

Boolean checkImpersonated = userB.getImpersonation().grantImpersonation(userA.getPrincipal());

//always returns false.

Scenario 2:

Value userAuthorizableId=session.getValueFactory().createValue(userSession.getUserID(), PropertyType.STRING);

User userB=(User) userManager.getAuthorizable(impersonateUser);

userB.setProperty("rep:impersonators", impersonator);

session

Scenario 3:

String impersonators = {“user1@test.com”,”test2@test.com”};

Authorizable auth = userManager.getAuthorizable(userBId);

Node authNode = session.getNode(auth.getPath());

  1. authNode.setProperty(("rep:impersonators", impersonators);
  2. session.save();

Avatar

Employee Advisor

The JCR standard does not provide this feature, but the Jackrabbit implementation does.

import org.apache.jackrabbit.api.security.user.User;

User canImpersonate = ...

User jrUser = (User) session.getUser();

Impersonation impersonation = jrUser.getImpersonation();

impersonation.grantImpersonation (canImpersonate);

User (Apache Jackrabbit 2.18.0 API)

Avatar

Level 4

@Jörg Hoh

Thank you for the details.

Does jrUser  needs any specific permissions in repository in order to successfully grant impersonation right to  canImpersonate?

Avatar

Level 4

@Jörg Hohb :

Also current logged in user  is canImpersonate  and I want to setup the impersonation property on jrUser. 

canImpersonate is a member of user-adminsitrations which means this user has all the rights to update user/groups.

Thanks,

Rajeev

Avatar

Employee Advisor

There are no further prequisites to use this API.